PHP G.A.S.P. For WordPress
POSTED by: on 12/28/2010
G.A.S.P. stands for GrowMap Anti-Spambot Plugin and was written by Andy Bailey of CommentLuv fame. G.A.S.P. is a fairly new technique, the idea is to stop SpamBots without using a captcha by simply clicking a checkbox (see below).
G.A.S.P. looks like a good idea, but some folks have had mixed results: G.A.S.P.: WordPress anti-spam plugin. Good idea, but does it deliver?, though on the whole it seems to work pretty well. G.A.S.P uses javascript, so that if a commenter has javascript turned off they can’t post a comment. Since most everyone these days has javascript turned on this isn’t much of a problem, but just for fun I did a php version (no javascript needed) of G.A.S.P. for WordPress, it doesn’t use a plugin yet, so you have to “tweak” the php code and edit some files by hand, specifically:
- comments.php
- your style sheet
- And you need to make a new file called: “pgasp-comments-post.php”
Modifications and Additions of WordPress Files for PHP GASP
Comments.php
Modify this line (about line 78 in comments.php) and change the file name to: “pgasp-comments-post.php” like so…
<form action= "<?php echo get_option('siteurl'); ?>/pgasp-comments-post.php" method="post" id="commentform">
Then, just before the submit button line in comments.php (around line 100 or so) add in this line:
<p><input type="checkbox" id="comchk1" name="comchk1" value="yes" /> <input type="checkbox" id="comchk2" name="comchk2" value="yes" /> Check this box if you're human. (Dofollow, CommentLuv) No bots or spam, please! </p>
Note that there are actually 2 checkboxes in the code. One of the checkboxes is hidden (using CSS) and will remain unchecked if a human is involved. However, SpamBots will typically fill in all items in a form, so if the hidden checkbox is checked, we know it’s spam.
CSS Stylesheet
To hide one of the checkboxes, you need to add the following to your stylesheet file (at the bottom of the file should be fine):
#comchk2 { display:none; }
pgasp-comments-post.php
You need to create a file named “pgasp-comments-post.php” with the following code. This is where the spam check takes place. If the comment passes the spam check it is then passed on to WordPress (wp-comments-post.php) Place this file (using ftp, or cpanel) in the top level directory (or whichever directory wp-comments-post.php is in)
<?php
/**
* php gasp
*/
/** Sets up the WordPress Environment. */
require( dirname(__FILE__) . '/wp-load.php' );
/* the next 6 lines is the spam checker... */
$comment_spamfilter = ( isset($_POST['comchk1']) ) ? trim($_POST['comchk1']) : null;
if ( 'yes' != $comment_spamfilter )
wp_die(__('Error: please check the box above the Submit button.'));
$comment_spamfilter2 = ( isset($_POST['comchk2']) ) ? trim($_POST['comchk2']) : null;
if ( 'yes' == $comment_spamfilter2 )
wp_die( __('Your Comment is waiting for moderation.')); // spam!
/* comment looks ok, so send on to wordpress... */
include ( dirname(__FILE__) . '/wp-comments-post.php');
?>
SpamBots, Mixing It Up
Of course, if enough people use GASP or PHP GASP, the SpamBotters will adapt their code, so you might want to mix it up a little. For example, make comchk1 the hidden checkbox, or add more hidden checkboxes (comchk3, comchk4, comchk5…) and so on.
Also GASP doesn’t stop human spammers, who fill up your moderation folder with comments like “Great post dude! Thanks for sharing.” (with a link to some spammy website) and the like, so you might need to try Akismet (which isn’t perfect either) or something. To be continued…
Comments
Mary Makowsky
January 8th, 2011
Hi there,
This is great! Is it possible to use it on a non-WordPress site form?
Doug Neubauer
January 8th, 2011
Hi Mary,
The code should work (with a few modifications) on a non-Wordpress site, as long as it uses the same basic process as WordPress does to handle comments, ie. it uses an html form for comments and calls a php file to process the comment.
The messy part will be in the pgasp-comments-post.php file where you’ll have to change all the “WordPress specific” stuff, like the calls to wp_die, and change the line: include ( dirname(__FILE__) . ‘/wp-comments-post.php’); to whatever php file your site is using, and remove the line with: require( dirname(__FILE__) . ‘/wp-load.php’ );
For reference the code for wp_die is here:
http://core.trac.wordpress.org/browser/tags/3.0.4/wp-includes/functions.php
(lines 2659-2758)
Hope this helps. Good luck!
Gail Gardner
March 8th, 2011
Thanks for the php version Doug. I’ll add some links to it in case others prefer to use your adaptation. The G.A.S.P. tab on my blog has additional information on an additional plugin and using the blacklist function built into WordPress for a total solution to the spam problem.
Gail Gardner recently posted..GrowMap Anti-SpamBot Plugin Testimonials
Gail Gardner
March 8th, 2011
P.S. While I prefer to delete Akismet from my own blogs, some bloggers do use it with GASP and since GASP blocks all the non-trackback bot spam you can actually FIND the real comments in the spam folder instead of having to wade through hundreds or even thousands of them.
We use another plugin to stop the spam that LOOKS like regular spam but is actually a trackback and the blacklist to stop repeat manual spammers.
Gail Gardner recently posted..GrowMap Anti-SpamBot Plugin Testimonials
Justin Germino
March 8th, 2011
Nice tutorial but too much work for the average blogger who barely understands or can use their own .php files. GASP does have a limitation with most mobile phones still having some javascript settings off, but few people on mobile devices are likely to fill out fields to leave a comment.
Justin Germino recently posted..Ezine Articles WordPress Plugin- Delete This Plugin Now!
Doug Neubauer
March 9th, 2011
Hi Gail,
For reference for others, here’s the link to your G.A.S.P. page…
http://www.growmap.com/growmap-anti-spambot-plugin/
and the link to the trackback-spam blocker…
http://www.dragonblogger.com/prevent-wordpress-trackback-spam/
The problem I have with Akismet, especially for Business Blogs, is the possibility of false positives, and missing a potential feedback comment from a customer.
Doug
Doug Neubauer
March 9th, 2011
Hi Justin,
Thanks for stopping by.
You’re right, my article is more for PHP coders, and folks who don’t mind “tweaking” their theme. Maybe I should try writing a plugin version if there’s any demand for a PHP GASP, although so far the Javascript version seems to be working fine.
Raymund camat
March 25th, 2011
I am using GASP and it works perfectly. I am now receiving zero spam everyday. Before I installed it I receive 100 a day.
Lacey Engelhart
September 24th, 2011
Terrific suggestions, thanks a lot!